From 34f2ad80b5c85735d126888d53a7145051a200d3 Mon Sep 17 00:00:00 2001 From: delphij Date: Thu, 10 Aug 2017 06:59:43 +0000 Subject: [PATCH] Fix OpenSSH Denial of Service vulnerability. [SA-17:06] Approved by: so git-svn-id: svn://svn.freebsd.org/base/releng/10.3@322344 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 4 ++++ crypto/openssh/auth-passwd.c | 5 +++++ sys/conf/newvers.sh | 2 +- 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/UPDATING b/UPDATING index f5e4c471f..5d952a087 100644 --- a/UPDATING +++ b/UPDATING @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20170810 p21 FreeBSD-SA-17:06.openssh + + Fix OpenSSH Denial of Service vulnerability. [SA-17:06] + 20170712 p20 FreeBSD-SA-17:05.heimdal FreeBSD-EN-17:06.hyperv diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 63ccf3cab..f6825ecc0 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c @@ -66,6 +66,8 @@ extern login_cap_t *lc; #define DAY (24L * 60 * 60) /* 1 day in seconds */ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ +#define MAX_PASSWORD_LEN 1024 + void disable_forwarding(void) { @@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password) static int expire_checked = 0; #endif + if (strlen(password) > MAX_PASSWORD_LEN) + return 0; + #ifndef HAVE_CYGWIN if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) ok = 0; diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 00b799623..9782a6707 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p20" +BRANCH="RELEASE-p21" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0